package com.xxx.base.config;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.actuate.autoconfigure.web.server.ManagementServerProperties;
import org.springframework.boot.autoconfigure.h2.H2ConsoleProperties;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

import java.util.List;

@Configuration
@EnableWebSecurity
@ConfigurationProperties("spring.security")
public class URLSecurityConfiguration extends WebSecurityConfigurerAdapter {

    private List<String> ignorePathPatterns;
    @Value("${spring.datasource.druid.stat-view-servlet.url-pattern}")
    private String druidServletPath;

    @Override
    protected void configure(HttpSecurity pHttp) throws Exception {
        ManagementServerProperties mntServerProperties = getApplicationContext().getBean(ManagementServerProperties.class);
        H2ConsoleProperties h2ConsoleProperties = getApplicationContext().getBean(H2ConsoleProperties.class);
        SysAutoConfiguration sysAutoConf = getApplicationContext().getBean(SysAutoConfiguration.class);

        pHttp.authorizeRequests()
                .antMatchers(toAntPath(h2ConsoleProperties.getPath())).hasAnyRole("H2")
                .antMatchers(toAntPath(mntServerProperties.getServlet().getContextPath())).hasAnyRole("ACTUATOR")
                .antMatchers(toAntPath(sysAutoConf.getMbeanPrefix())).hasAnyRole("MBEAN")
                .antMatchers(toAntPath(druidServletPath)).hasAnyRole("DRUID")
                .antMatchers("/").hasAnyRole("ADMIN")
                .antMatchers("/index.html").hasAnyRole("ADMIN")
                .antMatchers("/swagger-ui.html").hasAnyRole("ADMIN")
                .antMatchers("/api-doc").hasAnyRole("ADMIN")
                .anyRequest().permitAll()
                .and().formLogin().loginPage("/login.html")
                .and().httpBasic()
                .and().headers().frameOptions().sameOrigin()
                .and().csrf().disable();
//        pHttp.logout()
//                .logoutUrl("/my/logout")
//                .logoutSuccessUrl("/my/index")
//                .logoutSuccessHandler(logoutSuccessHandler)
//                .invalidateHttpSession(true)
//                .addLogoutHandler(logoutHandler)
//                .deleteCookies(cookieNamesToClear);
    }



//    @Override
//    protected void configure(AuthenticationManagerBuilder pAuth) throws Exception {
//        // super.configure(pAuth);
//        pAuth.inMemoryAuthentication()
//            .withUser("admin").password("admin").roles("admin");
//    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers(ignorePathPatterns.toArray(new String[]{}));
    }


    private String toAntPath(String pPath) {
        if (pPath.endsWith("/")) return pPath + "**";
        else if (pPath.endsWith("/*")) return pPath + "*";
        else if (pPath.endsWith("/**")) return pPath;
        return pPath + "/**";
    }

    public List<String> getIgnorePathPatterns() {
        return ignorePathPatterns;
    }

    public URLSecurityConfiguration setIgnorePathPatterns(List<String> ignorePathPatterns) {
        this.ignorePathPatterns = ignorePathPatterns;
        return this;
    }
}
